Wednesday, November 30, 2011

2012: Blood in the Water

2011 was the year that our perceived security was stripped away. EMC’s RSA division was breached and soon afterward so were some of its customers. The world’s largest anti-virus companies have been taken to task for selling snake oil (also known as anti-virus) to gullible CEOs. Local police departments were unable to protect their own officers’ personal and confidential information. The FBI’s Infraguard program was repeatedly hacked. And the directors of DARPA and NSA have recently both agreed that after many years of trying they’ve failed to come up with a security model that works.

We’ll be entering 2012 more vulnerable than ever before because at least part of our security relied upon the perception by bad guys that those charged with our security, both public and private, could do the job. Well, that myth has been busted which gives rise to opportunity. Conversely, over 28 nations and counting are developing offensive cyber capabilities, and the really malicious actors of the world like drug cartels and extremist groups (both domestic and foreign) are rapidly learning what’s possible vis-a-vie attacks through cyberspace. In other words, those with the means to act are growing quickly.

Finally, the anger and frustration of the expanding Occupy movement combined with the onset of hate-fueled politics that accompanies a Presidential election year - especially against this President - will engender widespread motivation for people to take action. With means, motive, and opportunity solidly represented, I fully expect 2012 to produce one or more multi-modal cyber attacks against a U.S. target which will result in serious harm if not loss of life. By multi-modal, I mean an offensive operation where a cyber attack represents one component. Once there's blood in the water, you can expect more of the same to quickly follow.

The very worst part of this prediction is that its inevitable. CEOs typically refuse to act to protect their own companies if it cuts into profit. The U.S. government has refused to do what’s necessary to protect our nation’s critical infrastructure because it's 90% privately owned, and our laws and system of government has enabled this massive malfeasance so that everyone responsible can claim absence of malice. In the words of Upton Sinclair and the movie based upon his book Oil! - "there will be blood". It's just a matter of time.